\section{Introduction}
\label{introduction}

Cloud computing, and specifically platform as a service, has changed the 
dynamics of modern software engineering. As developers offload many concerns
related to software deployment, such as those related to the runtime
environment and hardware configuration, they also forgo many of the
traditional assumptions made in software engineering.

Monitoring performance behavior is an important software engineering
task. By analyzing relevant metrics related to the application (such as
those related to performance, failures, and usage), developers can enhance
the application in future releases by fixing performance bottlenecks or
optimizing often-used functionality.  Log files, database snapshots, or
performance information from the runtime environment are all used to
monitor a program's behavior. In platform as a service offerings, however,
developers do not control the file system, the database, or the runtime
environment. \emph{AnnoFlow} addresses some of these shortcomings by providing
an infrastructure for developers to obtain application-specific metrics
from the platform. Our logging framework can gather and display
relevant metrics for developers to analyze.

Additionally, platform as a service deployments present new challenges
when it comes to securing data flow. When offloading an application to
the cloud, these developers are also offloading their data to the cloud.
Some software domains, such as credit card processing or health care, 
are heavily regulated to ensure that ``sensitive'' data cannot be leaked
or maliciously obtained. Compliance standards hold organizations to
a set of rules by which they must adhere when developing an application
in that specific domain. The knock on cloud computing (not just platform
as a service) is that the developer does not control the data. This has
hindered cloud adoption in heavily regulated domains.

Although fully solving the problem of securing data in the cloud is both
a technical and regulatory challenge (and well beyond the scope of this paper), 
we present a first step in the direction for platform as a service providers.
\emph{AnnoFlow} enables developers to set up boundaries between the
application and the cloud and establish policies that govern data. Policies,
for instance, can stipulate that a particular piece of data must stay within
the United States at all times or that it must always be encrypted using
algorithm \emph{X}. Boundaries, on the other hand, establish filters in the
application that analyze the policies of the objects passing through them and 
flag any potential violations (for instance, sending data overseas). By allowing
developers to establish these policies for their data, platform as a service
providers can take a first step in providing a service level agreement for
securing data in the cloud. In reality, there are many legal challenges
in providing such agreements, and developers must ultimately trust that the
provider will adhere to the agreement. But, we believe that \emph{AnnoFlow} addresses
many of the technical challenges of providing such agreements.
